﻿<!-- #Include File="../Include/Admin_Onlogin.asp" -->
<!--METADATA TYPE="TypeLib" UUID="{00000205-0000-0010-8000-00aa006d2ea4}"-->
<%
CheckPurview 37,0
dim gPath,gAct,gFileName,gFilePath,g,gRootUrl,gBaseUrl,gPage,gSearch,gEachPage,gFolder,gFilter
dim gPageSize,sTemp,gNoFile
dim sfor(28,2)
gPageSize=100
gRootUrl=Session("webeditbase")
if right(gRootUrl,1)<>"/" Then gRootUrl=gRootUrl&"/"
gNoFile=array("asp","aspx") '禁止访问的脚本
Set Fso=Server.CreateObject(Fso_Sys)

sFor(0,0)="txt":sFor(0,1)=1
sFor(1,0)="chm":sFor(1,1)=2
sFor(2,0)="hlp":sFor(2,1)=2
sFor(3,0)="doc":sFor(3,1)=3
sFor(4,0)="pdf":sFor(4,1)=4
sFor(5,0)="gif":sFor(5,1)=6
sFor(6,0)="jpg":sFor(6,1)=6
sFor(7,0)="png":sFor(7,1)=6
sFor(8,0)="bmp":sFor(8,1)=6
sFor(9,0)="asp":sFor(9,1)=7
sFor(10,0)="jsp":sFor(10,1)=7
sFor(11,0)="js" :sFor(11,1)=7
sFor(12,0)="htm":sFor(12,1)=8
sFor(13,0)="html":sFor(13,1)=8
sFor(14,0)="shtml":sFor(14,1)=8
sFor(15,0)="zip":sFor(15,1)=9
sFor(16,0)="rar":sFor(16,1)=9
sFor(17,0)="exe":sFor(17,1)=10
sFor(18,0)="avi":sFor(18,1)=11
sFor(19,0)="mpg":sFor(19,1)=11
sFor(20,0)="ra" :sFor(20,1)=12
sFor(21,0)="ram":sFor(21,1)=12
sFor(22,0)="mid":sFor(22,1)=13
sFor(23,0)="wav":sFor(23,1)=13
sFor(24,0)="mp3":sFor(24,1)=13
sFor(25,0)="asf":sFor(25,1)=11
sFor(26,0)="php":sFor(26,1)=7
sFor(27,0)="php3":sFor(27,1)=7
sFor(28,0)="aspx":sFor(28,1)=7
gFilePath=Request.ServerVariables("SCRIPT_NAME")
gFileName=mid(gFilePath,instrRev(gFilePath,"/")+1)
gFilePath=lcase(left(gFilePath,instrRev(gFilePath,"/")))
gPath=lcase(getVar("path","str",gRootUrl))

if left(gPath,1)<>"/" Then gPath=gRootUrl&gPath
gPage=getVar("page","num",1)
gAct=getVar("act","str","")
gFilter=getVar("filter","str","")
setBaseUrl 

sub setBaseUrl()
	gBaseUrl=gFileName&"?page="&gPage&"&path="&gPath
	if gFilter<>"" Then gBaseUrl=gBaseUrl&"&filter="&gFilter
end sub

function getVar(theStr,strType,defValue)
	select case strType
	case "str"
		if isEmpty(Request.QueryString(theStr)) or trim(Request.QueryString(theStr))="" Then
			getVar=defValue
		else
			getVar=trim(Request.QueryString(theStr))
		end if
	case "num"
		if isEmpty(Request.QueryString(theStr)) or not isNumeric(Request.QueryString(theStr)) Then
			getVar=defValue
		else
			getVar=cint(Request.QueryString(theStr))
		end if
	case else
		getStr=defValue
	end select
end function

function getForm(theStr,strType,defValue)
	select case strType
	case "str"
		if isEmpty(Request.form(theStr)) or trim(Request.form(theStr))="" Then
			getForm=defValue
		else
			getForm=trim(Request.form(theStr))
		end if
	case "num"
		if isEmpty(Request.form(theStr)) or not isNumeric(Request.form(theStr)) Then
			getForm=defValue
		else
			getForm=cint(Request.form(theStr))
		end if
	case else
		getForm=defValue
	end select
end function

sub HtmEnd(info,isback,dir)
	Set Fso=nothing
	set gFolder=nothing
	Response.Write "<!DOCTYPE html PUBLIC ""-//W3C//DTD XHTML 1.0 Transitional//EN"" ""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"">" & vbCrLf
	Response.Write "<html xmlns=""http://www.w3.org/1999/xhtml"">" & vbCrLf
	Response.Write "<head>" & vbCrLf
	Response.Write "<title>警告</title>" & vbCrlf
	Response.Write "<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>" & vbCrLf
	Response.Write "<meta name='viewport' content='width=device-width, initial-scale=1, maximum-scale=1'>" & vbCrLf
	Response.Write "<meta name='apple-mobile-web-app-status-bar-style' content='black'>" & vbCrLf
	Response.Write "<meta name='apple-mobile-web-app-capable' content='yes'>" & vbCrLf
	Response.Write "<meta name='format-detection' content='telephone=no'>" & vbCrLf
	Response.Write "<link href='../Style/global.css' rel='stylesheet' type='text/css'>" & vbCrLf
	Response.Write "<script type='text/javascript'>" & vbCrLf
	Response.Write "var pc_file = '" & InstallDir & "';" & vbCrLf
	Response.Write "var admin_file = '" & AdminFolder & "/';" & vbCrLf
	Response.Write "</script>" & vbCrLf
	Response.Write "<script type='text/javascript' src='../Js/Admin.js'></script>" & vbCrLf
	Response.Write "<script type='text/javascript' src='../../Dialog/lhgcore.min.js'></script>" & vbCrLf
	Response.Write "<script type='text/javascript' src='../../Dialog/lhgcalendar.min.js'></script>" & vbCrLf
	Response.Write "<script type='text/javascript' src='../../Dialog/main.js'></script>" & vbCrLf
	Response.Write "</head>" & vbCrlf
	Response.Write "<body>" & vbCrlf
	select case isback
	case 1
		if info<>"" Then
			Response.Write("<script language=""javascript"">Dialog.alert('"&info&"',function(){history.back();});</script>")
		else
			Response.Write("<script language=""javascript"">history.back();</script>")
		end if
	case 2
		if info<>"" Then
			Response.Write("<script language=""javascript"">Dialog.alert('"&info&"',function(){parent.main.location.href='"&dir&"';});</script>")
		else
			Response.Write("<script language=""javascript"">parent.main.location.href='"&dir&"';</script>") 
		end if
	end select
	Response.Write "</body>" & vbCrlf & "</html>"
	Response.End()
end sub

function procIsEdit(sName)
	dim i1,i,isEdit
	isEdit=Array(1,7,8)
	procIsEdit=0
	i1=procGetFormat(sName)
	for i=0 to ubound(isEdit)
		if isEdit(i)=i1 Then
			procIsEdit=1
			exit for
		end if
	next 
end function

function procGetExtName(sName)
	procGetExtName=""
	if instrRev(sName,".")<1 Then exit function
	procGetExtName=lcase(mid(sName,instrRev(sName,".")+1))
end function

function procGetFormat(sName)
	dim i,str
	procGetFormat=0
	if instrRev(sName,".")=0 Then exit function
	str=lcase(mid(sName,instrRev(sName,".")+1))
	for i=0 to uBound(sFor,1)
		if str=sFor(i,0) Then 
			procGetFormat=sFor(i,1)
			exit for
		end if
	next
end function

function procCheckFile(sName,ischeck)
	dim sExt,sPath,i,errorchar
	errorchar=array("'","""","\","/","*","?","&","|","<",">")
	procCheckFile="ok"
	sExt=lcase(procGetExtName(sName))
	if gFilter<>"" Then
		if instr(sName,gFilter)<1 Then
			procCheckFile="没有权限访问此文件!"
			exit function
		end if 
	end if
	if Session("webeditrun")="0" Then
		for i=0 to ubound(gNoFile)
			if gNoFile(i)=sExt Then 
				procCheckFile="没有权限访问此文件!"
				exit function
			end if
		next
	end if
	if ischeck>0 Then
		sPath=left(sName,instrRev(sName,"/"))
		sPath=procCheckDir(sPath,1)
		if sPath<>"ok" Then 
			procCheckFile=sPath
			exit function
		end if
		if ischeck=1 and not Fso.FileExists(Server.MapPath(sName)) Then
			procCheckFile="文件没有找到!"
			exit function
		end if
	else
		for i=0 to ubound(errorchar)
			if instr(sName,errorchar(i))>0 Then
				procCheckFile="文件名中含有非法字符!"
				exit function
			end if
		next
	end if 
	procCheckFile="ok"
end function

function procCheckDir(sPath,mode)
	dim errorchar,i,hd,str
	sPath=lcase(sPath)
	procCheckDir="ok"
	errorchar=array("'","""","\","..","//","*","?","&","|","<",">")
	if isempty(sPath) or trim(sPath)="" Then
		procCheckDir="目录不能为空!"
		exit function
	end if 
	for i=0 to ubound(errorchar)
		if instr(sPath,errorchar(i))>0 Then
			procCheckDir="目录名中含有非法字符"
			exit function
		end if
	next
	
	if gFilePath=left(sPath,len(gFilePath)) Then
		procCheckDir="没有权限访问此目录!"
		exit function
	end if
	
	if mode=0 Then exit function
	if not  Fso.FolderExists(Server.MapPath(sPath)) Then
		procCheckDir="目录"&sPath&"没有找到!"
		exit function
	end if
	
	if left(sPath,len(gRootUrl))<>gRootUrl Then
		procCheckDir="没有权限访问此目录!"
		exit Function
	end if
end function
%>